feat(infra): production bootstrap — cert-manager, longhorn, monitoring
Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo + Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning. Production overlay: add patches for postgres sizing, SeaweedFS volume, OpenSearch storage, LiveKit service, Pingora host ports, resource limits, and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames for all *.sunbeam.pt subdomains.
This commit is contained in:
10
overlays/production/patch-livekit-service.yaml
Normal file
10
overlays/production/patch-livekit-service.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
# Patch: keep LiveKit TURN service as ClusterIP — Pingora routes external TURN traffic.
|
||||
# Without this patch, klipper-lb (disabled) or the default LoadBalancer type may
|
||||
# conflict with Pingora's host port bindings on port 443.
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: livekit-server-turn
|
||||
namespace: media
|
||||
spec:
|
||||
type: ClusterIP
|
||||
Reference in New Issue
Block a user